package com.atlassian.jira.security;

import com.atlassian.core.ofbiz.CoreFactory;
import com.atlassian.core.ofbiz.util.EntityUtils;
import com.atlassian.core.util.collection.EasyList;
import com.atlassian.core.util.map.EasyMap;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.event.api.EventListener;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.event.ClearCacheEvent;
import com.atlassian.jira.exception.CreateException;
import com.atlassian.jira.exception.RemoveException;
import com.atlassian.jira.extension.Startable;
import com.atlassian.jira.jelly.tag.admin.GetAssociatedSchemes;
import com.atlassian.jira.security.type.GroupDropdown;
import com.atlassian.jira.user.util.UserUtil;
import com.opensymphony.user.Group;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import org.ofbiz.core.entity.GenericEntityException;

/* loaded from: input_file:com/atlassian/jira/security/DefaultGlobalPermissionManager.class */
public class DefaultGlobalPermissionManager implements GlobalPermissionManager, Startable {
    private final GlobalPermissionsCache cache = new GlobalPermissionsCache();
    private final EventPublisher eventPublisher;
    private final CrowdService crowdService;

    public DefaultGlobalPermissionManager(EventPublisher eventPublisher, CrowdService crowdService) {
        this.eventPublisher = eventPublisher;
        this.crowdService = crowdService;
    }

    @Override // com.atlassian.jira.extension.Startable
    public void start() throws Exception {
        this.eventPublisher.register(this);
    }

    @EventListener
    public void onClearCache(ClearCacheEvent clearCacheEvent) {
        this.cache.refresh();
    }

    @Override // com.atlassian.jira.security.GlobalPermissionManager
    public boolean addPermission(int i, String str) throws CreateException {
        if (!Permissions.isGlobalPermission(i)) {
            throw new IllegalArgumentException("PermissionType passed must be a global permissions " + i + " is not");
        }
        if (i == 1 && str == null) {
            throw new IllegalArgumentException("The group Anyone cannot be added to the global permission JIRA Users");
        }
        try {
            EntityUtils.createValue("SchemePermissions", EasyMap.build(GetAssociatedSchemes.SCHEME_TYPE_PERMISSION, new Long(i), "type", GroupDropdown.DESC, "parameter", str));
            this.cache.refresh();
            clearActiveUserCountIfNecessary(i);
            return true;
        } catch (GenericEntityException e) {
            throw new CreateException((Exception) e);
        }
    }

    @Override // com.atlassian.jira.security.GlobalPermissionManager
    public Collection<JiraPermission> getPermissions(int i) {
        return this.cache.getPermissions(i);
    }

    @Override // com.atlassian.jira.security.GlobalPermissionManager
    public boolean removePermission(int i, String str) throws RemoveException {
        if (!Permissions.isGlobalPermission(i)) {
            throw new IllegalArgumentException("PermissionType passed to this function must be a global permission, " + i + " is not");
        }
        JiraPermission jiraPermission = new JiraPermission(i, str, GroupDropdown.DESC);
        if (!hasPermission(jiraPermission)) {
            return false;
        }
        try {
            CoreFactory.getGenericDelegator().removeAll(EasyList.build(this.cache.getPermission(jiraPermission)));
            this.cache.refresh();
            clearActiveUserCountIfNecessary(i);
            return true;
        } catch (GenericEntityException e) {
            throw new RemoveException((Exception) e);
        }
    }

    @Override // com.atlassian.jira.security.GlobalPermissionManager
    public boolean removePermissions(String str) throws RemoveException {
        if (str == null) {
            throw new IllegalArgumentException("Group passed must NOT be null");
        }
        if (this.crowdService.getGroup(str) == null) {
            throw new IllegalArgumentException("Group passed must exist");
        }
        for (JiraPermission jiraPermission : this.cache.getPermissions()) {
            if (str.equals(jiraPermission.getGroup())) {
                try {
                    this.cache.getPermission(jiraPermission).remove();
                    clearActiveUserCountIfNecessary(jiraPermission.getType());
                } catch (GenericEntityException e) {
                    throw new RemoveException((Exception) e);
                }
            }
        }
        this.cache.refresh();
        return true;
    }

    @Override // com.atlassian.jira.security.GlobalPermissionManager
    public boolean hasPermission(int i) {
        if (Permissions.isGlobalPermission(i)) {
            return hasPermission(new JiraPermission(i));
        }
        throw new IllegalArgumentException("PermissionType passed to this function must a global permission, " + i + " is not");
    }

    @Override // com.atlassian.jira.security.GlobalPermissionManager
    public boolean hasPermission(int i, User user) {
        if (!Permissions.isGlobalPermission(i)) {
            throw new IllegalArgumentException("PermissionType passed to this function must a global permission, " + i + " is not");
        }
        if (user == null) {
            throw new IllegalArgumentException("User passed to this function cannot be null");
        }
        if (hasPermission(i)) {
            return true;
        }
        Iterator it = this.crowdService.search(QueryBuilder.queryFor(String.class, EntityDescriptor.group()).parentsOf(EntityDescriptor.user()).withName(user.getName()).returningAtMost(-1)).iterator();
        while (it.hasNext()) {
            if (hasPermission(new JiraPermission(i, (String) it.next(), GroupDropdown.DESC))) {
                return true;
            }
        }
        return false;
    }

    @Override // com.atlassian.jira.security.GlobalPermissionManager
    public Collection<Group> getGroups(int i) {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = getGroupNames(i).iterator();
        while (it.hasNext()) {
            com.atlassian.crowd.embedded.api.Group group = this.crowdService.getGroup(it.next());
            if (group != null) {
                arrayList.add(new Group(group));
            }
        }
        return Collections.unmodifiableCollection(arrayList);
    }

    @Override // com.atlassian.jira.security.GlobalPermissionManager
    public Collection<com.atlassian.crowd.embedded.api.Group> getGroupsWithPermission(int i) {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = getGroupNames(i).iterator();
        while (it.hasNext()) {
            com.atlassian.crowd.embedded.api.Group group = this.crowdService.getGroup(it.next());
            if (group != null) {
                arrayList.add(group);
            }
        }
        return Collections.unmodifiableCollection(arrayList);
    }

    @Override // com.atlassian.jira.security.GlobalPermissionManager
    public Collection<String> getGroupNames(int i) {
        if (!Permissions.isGlobalPermission(i)) {
            throw new IllegalArgumentException("PermissionType passed to this function must a global permission, " + i + " is not");
        }
        HashSet hashSet = new HashSet();
        Iterator<JiraPermission> it = this.cache.getPermissions(i).iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getGroup());
        }
        return Collections.unmodifiableCollection(hashSet);
    }

    protected boolean hasPermission(JiraPermission jiraPermission) {
        return 0 == jiraPermission.getType() ? this.cache.hasPermission(jiraPermission) || this.cache.hasPermission(new JiraPermission(44, jiraPermission.getGroup(), jiraPermission.getPermType())) : this.cache.hasPermission(jiraPermission);
    }

    private void clearActiveUserCountIfNecessary(int i) {
        if (Permissions.getUsePermissions().contains(Integer.valueOf(i))) {
            getUserUtil().clearActiveUserCount();
        }
    }

    UserUtil getUserUtil() {
        return ComponentAccessor.getUserUtil();
    }

    @Override // com.atlassian.jira.security.GlobalPermissionManager
    public boolean hasPermission(int i, com.opensymphony.user.User user) {
        return hasPermission(i, (User) user);
    }
}
